Malware Analysis Report

2024-11-30 02:45

Sample ID 240407-wdyypsae48
Target e581bfcecf4d04572cd73e03ca03e8a9_JaffaCakes118
SHA256 24dab264063bfd98dfd0f1dee3f570fb7fd2b8b075bbaf32d83a0189fc47f9f3
Tags
discovery spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

24dab264063bfd98dfd0f1dee3f570fb7fd2b8b075bbaf32d83a0189fc47f9f3

Threat Level: Shows suspicious behavior

The file e581bfcecf4d04572cd73e03ca03e8a9_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery spyware stealer

Reads user/profile data of web browsers

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops Chrome extension

Drops file in System32 directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 17:48

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 17:48

Reported

2024-04-07 17:51

Platform

win7-20240221-en

Max time kernel

124s

Max time network

128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e581bfcecf4d04572cd73e03ca03e8a9_JaffaCakes118.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e581bfcecf4d04572cd73e03ca03e8a9_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Checks installed software on the system

discovery

Drops Chrome extension

Description Indicator Process Target
File created C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\knnlfdlekojbebccggjioopkandhdaon\2.2\manifest.json C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe N/A
File created C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\knnlfdlekojbebccggjioopkandhdaon\2.2\manifest.json C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe N/A
File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\knnlfdlekojbebccggjioopkandhdaon\2.2\manifest.json C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\GroupPolicy C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe N/A
File opened for modification C:\Windows\SysWOW64\GroupPolicy\gpt.ini C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe N/A
File created C:\Windows\System32\GroupPolicy\Machine\Registry.pol C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy\GPT.INI C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e581bfcecf4d04572cd73e03ca03e8a9_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\e581bfcecf4d04572cd73e03ca03e8a9_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe

"C:\Users\Admin\AppData\Local\Temp/5f69388e/37bz2M.exe"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe

MD5 3235a5142bce167c8be580ce72d55378
SHA1 8e8c1d0303a7924d0bbb20d7d69ab712e2397593
SHA256 8358abb88476040868017096d1870834af04773921394555c002070e1fb7475c
SHA512 913fc9e9bf1857cff7a7d22bb21e563f977be20cb4a671550c7b67026259c5ebb8fafa55615a8a6f4d3a248337e0bc40455a8a257c4d9eff9413c41a8ff18d08

C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.dat

MD5 19704cea92f792f8dda3814a436bbc8b
SHA1 72ba2c8464d14645fd029fa5891ea8fbdc4beb4c
SHA256 0dfa2ae39c051951d892d6de77558dfe83a1586d49bbdc023a515b2f81fe2da5
SHA512 e7141db13a188dd7b74d6bc2f6a341bbd18ec72d2aa64f97ddf55f164441f0608abb11b776ff8dd1bd644450fc540383a8b09ed4d3e7d03c01eaddd4e8258f56

C:\Users\Admin\AppData\Local\Temp\5f69388e\knnlfdlekojbebccggjioopkandhdaon\background.html

MD5 2cefed3696354c0e8c6ef1635eb1748c
SHA1 b2184df1cd1cda49471842e458a98d34c90c92e4
SHA256 e606b6e17669e80daef16e6421305625612c6d4e913a19586950f3981c6eb478
SHA512 7486f74cf89245f51e250203fb0839ba2f5494622b4a80e48fd2c9f6e42b070425214469e0540b748577746953bbc934f7147996114db62ecefc66f3d7755594

C:\Users\Admin\AppData\Local\Temp\5f69388e\knnlfdlekojbebccggjioopkandhdaon\manifest.json

MD5 4c4bad19f3514e843f38a49ed67c9126
SHA1 bbb1b10f73992a749c51c447678676a18849fab4
SHA256 c7d4e356cc5de4755833d581a7b0092d7259ed2bb172ca195bc23f8e504eefae
SHA512 050533fc10b26f027f990248b27f738ed182a8c42b8b9a898e66cd0fb4ef382cc94ae47eb027bbf8eaf1912b61b9c21798a15dd7be4431c89779e6f3eaeedfcf

C:\Users\Admin\AppData\Local\Temp\5f69388e\knnlfdlekojbebccggjioopkandhdaon\lsdb.js

MD5 36d98318ab2b3b2585a30984db328afb
SHA1 f30b85fbe08e1d569ad49dfeafaf7cb2da6585a5
SHA256 ea2caf61817c6f7781ee049217e51c1083c8fc4f1e08e07792052dfdfa529ae7
SHA512 6f61ccda2eba18369409850b2c91c9817fc741755e29a1579646e3816e0deab80e34a5adb9ff865c773793d32ac338163a224dbf363b46420d6ea42a7bbb2b3a

C:\Users\Admin\AppData\Local\Temp\5f69388e\knnlfdlekojbebccggjioopkandhdaon\k30Last.js

MD5 ea793f01d989bcf6f2f7b333831dd787
SHA1 57a480728913d356b62137344906e936b366ef56
SHA256 b0f2661fa33126e8772fe3a088288d100e17656033484a57e19b5865e2ca974f
SHA512 8b3ec71ea5e5f4c7db6e3d0fdad557ea2380b5c0fee5c70bb6461148bc102d646c0caa45abcaa87d409bd012b6b3dbe4c3c0fce5d413499ab96bae1e819f280b

C:\Users\Admin\AppData\Local\Temp\5f69388e\knnlfdlekojbebccggjioopkandhdaon\content.js

MD5 0654917402505bc71a231599d02e09a2
SHA1 e24d4fcf6f136c3be86b4dc01bd3bf446ce462ff
SHA256 9577828de9e701114e75cca9918972c9028689518882edcb6aa193f9353c19ae
SHA512 3e7077342d4c06d1192898a4ec5c9b19f3ca8883c5fd7c6e2a581d855959b748b5a8c4b07e3468cfc8b79e6abc1595fefccb41011c179da665567d5dc4b2da5d

C:\Users\Admin\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\knnlfdlekojbebccggjioopkandhdaon\2.2\manifest.json

MD5 876496308931b819152d59b604933fa9
SHA1 f20cd67f676bd5f2f3505869c96cb5de1c89f7c6
SHA256 98c869d73a787c79a30743be2abd363321d19f27d25bade6b42971ee4e274fc4
SHA512 f6dda4a9fbda99d90fedd4ee8bb79ef0fdc4941efaf51a8af565a37e4074435ce4cadccdec3e47f5d3caf2d1c9c4091a52af02d9b7936db499a4ce8634fe48b2

C:\Users\Admin\AppData\Local\Temp\5f69388e\[email protected]\bootstrap.js

MD5 df13f711e20e9c80171846d4f2f7ae06
SHA1 56d29cda58427efe0e21d3880d39eb1b0ef60bee
SHA256 6c325461fba531a94cf8cbdcfc52755494973df0629ce0ee3fef734ab0838fc4
SHA512 6c51cee3bf13f164c4a5c9884cc6053cbf9db9701d34c07dc5761d2c047d3d1f7a361b32996a430107e9a4ce68a29149d747a84c76778a1e8780719a3d30470e

C:\Users\Admin\AppData\Local\Temp\5f69388e\[email protected]\chrome.manifest

MD5 349cc6477ea86d06b041eb5dbe9280bf
SHA1 3ed8d1e7bb3799e7ac652efb640e8d6892c14343
SHA256 3134b6a207fc29d719e3b736c1a8fae9cf204605648adf2d65308bb8bb807a21
SHA512 b763fda63e6e2e884195594d6f78d81f1cee047432917da4a8966f1c4503514c3d88f8244e5ad3cb36eba243ca0a04f16bca5dd86caf150c15d6aaf029650548

C:\Users\Admin\AppData\Local\Temp\5f69388e\[email protected]\content\bg.js

MD5 017f3c5bb21b5773dcf154175a33cd9b
SHA1 d8e0780e8e7e1f1e8cdb06a3f57525fe0cbcee7e
SHA256 39b9b7f1da11fd650f8acfbe9bc36898b1f2415c8edf304beb8622b70ea40158
SHA512 643897807a74dda12e032da2e46031da88fd5233270a1a779d9e4c3f13a8d88376d15b00189e15a0cda391b9448fcfe8dcc368845416946e521933fc00ab35f6

C:\Users\Admin\AppData\Local\Temp\5f69388e\[email protected]\install.rdf

MD5 274c6158964f52b13e76fbc298076c3f
SHA1 282fa6731c52c4fa62bf69317f95919b5b8e6ce9
SHA256 9db533644a114475e94a70b10b9a574e37c26e8bc490da779d3de6ceacbbb817
SHA512 4827b06950a2d193fbaab42ef57e17004965edb84edde22639073bd07b00f78fca065c74d08628a8200ff393ba50e594126ee3cf846287bfd40627b113a3f815

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 17:48

Reported

2024-04-07 17:51

Platform

win10v2004-20231215-en

Max time kernel

121s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e581bfcecf4d04572cd73e03ca03e8a9_JaffaCakes118.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe N/A

Reads user/profile data of web browsers

spyware stealer

Checks installed software on the system

discovery

Drops Chrome extension

Description Indicator Process Target
File created C:\Users\DefaultAccount\AppData\Local\Google\Chrome\User Data\Default\Extensions\knnlfdlekojbebccggjioopkandhdaon\2.2\manifest.json C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe N/A
File created C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\knnlfdlekojbebccggjioopkandhdaon\2.2\manifest.json C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe N/A
File created C:\Users\WDAGUtilityAccount\AppData\Local\Google\Chrome\User Data\Default\Extensions\knnlfdlekojbebccggjioopkandhdaon\2.2\manifest.json C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe N/A
File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\knnlfdlekojbebccggjioopkandhdaon\2.2\manifest.json C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe N/A
File created C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\knnlfdlekojbebccggjioopkandhdaon\2.2\manifest.json C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\GroupPolicy\gpt.ini C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe N/A
File created C:\Windows\System32\GroupPolicy\Machine\Registry.pol C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy\GPT.INI C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e581bfcecf4d04572cd73e03ca03e8a9_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\e581bfcecf4d04572cd73e03ca03e8a9_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe

"C:\Users\Admin\AppData\Local\Temp/71740924/37bz2M.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 241.197.17.2.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe

MD5 3235a5142bce167c8be580ce72d55378
SHA1 8e8c1d0303a7924d0bbb20d7d69ab712e2397593
SHA256 8358abb88476040868017096d1870834af04773921394555c002070e1fb7475c
SHA512 913fc9e9bf1857cff7a7d22bb21e563f977be20cb4a671550c7b67026259c5ebb8fafa55615a8a6f4d3a248337e0bc40455a8a257c4d9eff9413c41a8ff18d08

C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.dat

MD5 19704cea92f792f8dda3814a436bbc8b
SHA1 72ba2c8464d14645fd029fa5891ea8fbdc4beb4c
SHA256 0dfa2ae39c051951d892d6de77558dfe83a1586d49bbdc023a515b2f81fe2da5
SHA512 e7141db13a188dd7b74d6bc2f6a341bbd18ec72d2aa64f97ddf55f164441f0608abb11b776ff8dd1bd644450fc540383a8b09ed4d3e7d03c01eaddd4e8258f56

C:\Users\Admin\AppData\Local\Temp\71740924\knnlfdlekojbebccggjioopkandhdaon\background.html

MD5 2cefed3696354c0e8c6ef1635eb1748c
SHA1 b2184df1cd1cda49471842e458a98d34c90c92e4
SHA256 e606b6e17669e80daef16e6421305625612c6d4e913a19586950f3981c6eb478
SHA512 7486f74cf89245f51e250203fb0839ba2f5494622b4a80e48fd2c9f6e42b070425214469e0540b748577746953bbc934f7147996114db62ecefc66f3d7755594

C:\Users\Admin\AppData\Local\Temp\71740924\knnlfdlekojbebccggjioopkandhdaon\content.js

MD5 0654917402505bc71a231599d02e09a2
SHA1 e24d4fcf6f136c3be86b4dc01bd3bf446ce462ff
SHA256 9577828de9e701114e75cca9918972c9028689518882edcb6aa193f9353c19ae
SHA512 3e7077342d4c06d1192898a4ec5c9b19f3ca8883c5fd7c6e2a581d855959b748b5a8c4b07e3468cfc8b79e6abc1595fefccb41011c179da665567d5dc4b2da5d

C:\Users\Admin\AppData\Local\Temp\71740924\knnlfdlekojbebccggjioopkandhdaon\k30Last.js

MD5 ea793f01d989bcf6f2f7b333831dd787
SHA1 57a480728913d356b62137344906e936b366ef56
SHA256 b0f2661fa33126e8772fe3a088288d100e17656033484a57e19b5865e2ca974f
SHA512 8b3ec71ea5e5f4c7db6e3d0fdad557ea2380b5c0fee5c70bb6461148bc102d646c0caa45abcaa87d409bd012b6b3dbe4c3c0fce5d413499ab96bae1e819f280b

C:\Users\Admin\AppData\Local\Temp\71740924\knnlfdlekojbebccggjioopkandhdaon\lsdb.js

MD5 36d98318ab2b3b2585a30984db328afb
SHA1 f30b85fbe08e1d569ad49dfeafaf7cb2da6585a5
SHA256 ea2caf61817c6f7781ee049217e51c1083c8fc4f1e08e07792052dfdfa529ae7
SHA512 6f61ccda2eba18369409850b2c91c9817fc741755e29a1579646e3816e0deab80e34a5adb9ff865c773793d32ac338163a224dbf363b46420d6ea42a7bbb2b3a

C:\Users\Admin\AppData\Local\Temp\71740924\knnlfdlekojbebccggjioopkandhdaon\manifest.json

MD5 4c4bad19f3514e843f38a49ed67c9126
SHA1 bbb1b10f73992a749c51c447678676a18849fab4
SHA256 c7d4e356cc5de4755833d581a7b0092d7259ed2bb172ca195bc23f8e504eefae
SHA512 050533fc10b26f027f990248b27f738ed182a8c42b8b9a898e66cd0fb4ef382cc94ae47eb027bbf8eaf1912b61b9c21798a15dd7be4431c89779e6f3eaeedfcf

C:\Users\WDAGUtilityAccount\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\knnlfdlekojbebccggjioopkandhdaon\2.2\k30Last.js

MD5 37655ee4006f2b12cc90c7f1aa6831e2
SHA1 38d0689cae44b15d15a2fee259764e00bf905cad
SHA256 2927917f208df8f962b814c25a82803c73729d445c6af9f627ddd76c52e1f845
SHA512 a97a0e6ad39aec4a8efa863673121d5005675c6a3103164192030dd1202646094ffe401245b8ead0f1ae4a103e1ad75c51cf125b8ad58983c83f3d96653414aa

C:\Users\WDAGUtilityAccount\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\knnlfdlekojbebccggjioopkandhdaon\2.2\lsdb.js

MD5 b6d7dcc66dbb3f6fc3e112b2c1bee01a
SHA1 c453ff9aeffed75ba68729fb40c291c887da5007
SHA256 6b4168e801cbc6e12c67eb1227bacd8b3e3d1c75177d617caf53e0e3db8ec297
SHA512 cc2579fc863128db86c349586b3c32ebcf5c52b534359b5933a95075e13179c5e644176258903f955bbbff40bc4860895958635d41c766959dc47197613e6c53

C:\Users\Admin\AppData\Local\Temp\71740924\[email protected]\install.rdf

MD5 274c6158964f52b13e76fbc298076c3f
SHA1 282fa6731c52c4fa62bf69317f95919b5b8e6ce9
SHA256 9db533644a114475e94a70b10b9a574e37c26e8bc490da779d3de6ceacbbb817
SHA512 4827b06950a2d193fbaab42ef57e17004965edb84edde22639073bd07b00f78fca065c74d08628a8200ff393ba50e594126ee3cf846287bfd40627b113a3f815

C:\Users\Admin\AppData\Local\Temp\71740924\[email protected]\content\bg.js

MD5 017f3c5bb21b5773dcf154175a33cd9b
SHA1 d8e0780e8e7e1f1e8cdb06a3f57525fe0cbcee7e
SHA256 39b9b7f1da11fd650f8acfbe9bc36898b1f2415c8edf304beb8622b70ea40158
SHA512 643897807a74dda12e032da2e46031da88fd5233270a1a779d9e4c3f13a8d88376d15b00189e15a0cda391b9448fcfe8dcc368845416946e521933fc00ab35f6

C:\Users\Admin\AppData\Local\Temp\71740924\[email protected]\chrome.manifest

MD5 349cc6477ea86d06b041eb5dbe9280bf
SHA1 3ed8d1e7bb3799e7ac652efb640e8d6892c14343
SHA256 3134b6a207fc29d719e3b736c1a8fae9cf204605648adf2d65308bb8bb807a21
SHA512 b763fda63e6e2e884195594d6f78d81f1cee047432917da4a8966f1c4503514c3d88f8244e5ad3cb36eba243ca0a04f16bca5dd86caf150c15d6aaf029650548

C:\Users\Admin\AppData\Local\Temp\71740924\[email protected]\bootstrap.js

MD5 df13f711e20e9c80171846d4f2f7ae06
SHA1 56d29cda58427efe0e21d3880d39eb1b0ef60bee
SHA256 6c325461fba531a94cf8cbdcfc52755494973df0629ce0ee3fef734ab0838fc4
SHA512 6c51cee3bf13f164c4a5c9884cc6053cbf9db9701d34c07dc5761d2c047d3d1f7a361b32996a430107e9a4ce68a29149d747a84c76778a1e8780719a3d30470e